CVE-2025-66916
RuoYi-Vue-Plus · RuoYi-Vue-Plus
The snailjob component in RuoYi-Vue-Plus fails to filter user input in the check-node-expression interface, allowing arbitrary file read/write operations via QLExpress.
Executive summary
RuoYi-Vue-Plus contains a critical vulnerability in the snailjob component that allows attackers to perform arbitrary file read and write operations.
Vulnerability
The /snail-job/workflow/check-node-expression interface does not properly sanitize user-supplied input, so an attacker-supplied QLExpress expression can manipulate the File class to gain arbitrary file system access.
Business impact
An attacker can read sensitive configuration files or overwrite system files, potentially leading to full system takeover or sensitive data exposure. With a CVSS score of 9.4, this vulnerability represents an urgent threat that could be leveraged to gain persistence or elevate privileges.
Remediation
Immediate Action: Update the RuoYi-Vue-Plus framework to the latest version where the snailjob input validation is corrected.
Proactive Monitoring: Monitor application logs for suspicious input patterns directed at the /snail-job/ endpoint and watch for unexpected file modification activity.
Compensating Controls: Restrict access to the affected interface through network-level controls or WAF rules if immediate patching is not feasible.
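One way to implement the log monitoring described above, as an added example that is not part of the advisory or the RuoYi-Vue-Plus project. It assumes a JSON-lines request log with src, path and body fields (a constructed format); the File-class pattern and the trusted-source list are illustrative heuristics.

```python
import json
import re

ENDPOINT = "/snail-job/workflow/check-node-expression"
# Heuristic (assumption): the advisory says expressions abuse the Java File
# class, so flag bodies naming java.io/java.nio or a File* identifier.
FILE_CLASS = re.compile(r"\bjava\.(?:io|nio)\.|\bFile\w*\b")

# Constructed sample log, one JSON object per line (assumed format).
SAMPLE_LOG = """\
{"src": "10.0.0.5", "path": "/snail-job/workflow/check-node-expression", "body": "amount > 100"}
{"src": "203.0.113.7", "path": "/snail-job/workflow/check-node-expression", "body": "<expression referencing java.io.File>"}
{"src": "203.0.113.7", "path": "/login", "body": ""}
not json
{"src": "198.51.100.9", "path": "/snail-job/workflow/check-node-expression?x=1", "body": "status == 1"}
"""


def scan(lines, trusted_sources=frozenset()):
    """Return (line_no, source, level) for requests to the vulnerable endpoint."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # unparsable line: not a request record
        if not isinstance(rec, dict):
            continue
        # Normalise: drop query string and trailing slash, ignore case.
        path = str(rec.get("path", "")).split("?", 1)[0].rstrip("/").lower()
        if path != ENDPOINT:
            continue
        if FILE_CLASS.search(str(rec.get("body", ""))):
            level = "high"      # expression names the File class
        elif rec.get("src") not in trusted_sources:
            level = "review"    # endpoint reached from an unexpected source
        else:
            continue
        findings.append((line_no, rec.get("src"), level))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG.splitlines(), trusted_sources={"10.0.0.5"}):
        print(finding)
```

Logs that omit request bodies support only the source-based check, so pair this with file integrity monitoring to cover the file modification side of the recommendation.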
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
The ability to perform arbitrary file operations constitutes a severe threat to system integrity. Security teams should prioritize patching this component immediately and audit the system for any signs of prior unauthorized access.